The present invention relates generally to security of communications, and more specifically, the security of data communications, such as update packages for software and firmware, between a mobile handset and a management server.
Electronic devices, such as mobile phones and personal digital assistants (PDA's), often contain firmware and application software that are either provided by the manufacturers of the electronic devices, by telecommunication carriers, or by third parties. These firmware and application software often contain software bugs. New versions of the firmware and software are periodically released to fix the bugs or to introduce new features, or both. Problems may arise when communicating data such as firmware/software updates between mobile electronic devices and the management servers that provide such data.
Security of mobile handsets has been handled, to some extent, by embedded security solutions employing security features built into a handset device. Cryptographic techniques have sometimes been employed to encrypt and decrypt data. Device authorization in mobile devices is one issue, and cryptographic protection is another issue in mobile device security. Device keys may be sometimes employed to provide for device authentication.
Further limitations and disadvantages of conventional and traditional approaches will become apparent to one of ordinary skill in the art through comparison of such systems with the present invention.